BRUSSELS/PORTSMOUTH, NH: With just over six months to go before the European Union’s General Data Protection Regulation (GDPR) comes into force, it appears US companies are better prepared than their European counterparts.
According to a joint report from the International Association of Privacy Professionals (IAPP) and TrustArc, a technology compliance company, 84% of US respondents expect to be GDPR-compliant by May 25, 2018, compared with 72% of Europeans.
TrustArc and the IAPP surveyed nearly 500 privacy professionals split evenly between the US and EU, asking them to rank perceived risk on a five-point scale, with 1 indicating no risk and 5 showing high risk.
Companies and organisations around the world have been keeping a close eye on the GDPR, which will introduce tough restrictions on how consumer data is collected and stored. Failure to comply carries the risk of fines of up to €20m or 4% of global turnover, whichever is the greater.
In their overall assessment of their preparedness, the respondents identified the four greatest compliance risks as: the GDPR’s 72-hour breach notification, data inventory and mapping, obtaining user consent, and managing international data transfers.
However, there were differences between the American and European privacy professionals, with the former identifying international data transfers as the top compliance risk, while Europeans cited failure to be prepared for a data breach.
And in terms of barriers to compliance, US firms cited the complexity of GDPR requirements as the largest hurdle, while EU firms pointed to a lack of appropriate budget.
Regardless of confidence levels, all respondents agreed that the number one way to mitigate GDPR compliance risk is privacy training, followed by investment in privacy and data protection technology, such as data mapping tools.
“Working with our customers, we find that the most effective strategy to achieve compliance is based on building employee expertise and know-how, combined with technology platforms that enable the next-generation processes and routines necessary to efficiently do things like identify and map user data and manage user consent,” said Chris Babel, CEO of TrustArc.
Separately, the Direct Marketing Association (DMA) in the UK released the latest findings of its ongoing study into the preparedness of marketers for the new regulations.
It found that about three-quarters reported having good awareness (77%) and being prepared (74%), although two-thirds (64%) believe their organisations will be “very” or “extremely” affected by the new rules and another 65% think the GDPR will hinder marketing.
Sourced from TrustArc, IAPP, DMA; additional content by WARC staff